Unprotected .gov email addresses are being spoofed by the Russians

The firm looked at nearly 70 million emails sent during October from 5,000 different .gov origin domains protected by Proofpoint, the company’s VP of Email Fraud policy Robert Holmes told News. More than 3,000 of those domains had been spoofed by hackers sending phishing emails that purported to come from a trusted correspondent.

“We saw over 8.5 million false messages,” Holmes wrote in a blog post Monday, “Almost 10 percent of which were not even carried from a US-based address.”

The spoofed .gov emails in October originated from IP addresses in 187 different countries, including Russia. But there were spikes of particular intensity from some countries, probably characteristic of particular cybercrime or cyber-espionage campaigns.

“In August of this year, one special company saw 80 percent of hateful emails spoofing their personality sent from Russian IPs,” the post states. Proofpoint declined to identify the agency, citing customer confidentiality.

Russia has accounted for more than a fraction of all such spoofed email since January 2016, the Proofpoint analysis adds.

“There’s no reliable reason for a foreign IP address to be conducting an email saying it’s from a federal agency” or a user with a .gov email address, Holmes told CyberScoop. But without the right security measures, there’s nothing to stop it from happening.

“I can put anything I want to in that ‘from’ field,” he said, adding that the analysis highlights the “urgent need” for a recent Department of Homeland Security governmentwide order. The Binding Operational Directive, as it’s known, means that all federal agencies will have 90 days to deploy an email standard called DMARC (Domain-based Message Authentication, Reporting, and Conformance).

DMARC is a technical standard and a set of best practices that prevent hackers from impersonating or spoofing an email address. The standard must be implemented by both sender and receiver. When an email comes from a domain with a DMARC policy and hits inboxes protected by the standard, messages with spoofed addresses are diverted to a spam folder or simply not delivered at all. More than three-quarters of all the email inboxes on the planet are protected, according to one analysis.
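The receiver-side decision described above can be sketched as follows. This is an added example, not code from Proofpoint or the article: the record, the example.gov and example.net domains and the function names are constructed, and it assumes SPF and DKIM have already been checked upstream and ignores the `pct` and `sp` tags.

```python
"""Simplified DMARC evaluation at a receiving mail server (constructed sample data)."""

# Constructed sample of what a sender publishes as a TXT record at _dmarc.example.gov
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@example.gov"

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # The version tag must come first and a policy (p) must be present and known.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); anything else = relaxed (same organizational domain)."""
    if auth_domain is None:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def disposition(record, from_domain, spf_domain=None, dkim_domain=None):
    """spf_domain: envelope-sender domain that passed SPF, or None.
    dkim_domain: d= domain of a DKIM signature that verified, or None."""
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"  # nothing tells the receiver to distrust the From: header
    if (aligned(spf_domain, from_domain, policy.get("aspf", "r"))
            or aligned(dkim_domain, from_domain, policy.get("adkim", "r"))):
        return "pass"
    return policy["p"].lower()  # none (report only), quarantine (spam folder) or reject

if __name__ == "__main__":
    # Spoofed From: example.gov, but SPF only passed for an unrelated sending domain.
    print(disposition(SAMPLE_RECORD, "example.gov", spf_domain="mailer.example.net"))
    # Legitimate mail signed with DKIM by the agency's own domain.
    print(disposition(SAMPLE_RECORD, "example.gov", dkim_domain="example.gov"))
```

With no record published, the same spoofed message returns `no-policy`, which is the unprotected case the article describes.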